Open ioctl-user opened 9 months ago
My router WEB-interface also doesn't shows it.
Install OpenWrt or DD-WRT on the router
Sometimes mobile phone status bar shows heavy outgoing traffic
It doesn't mean anything. It's necessary to conduct a specific traffic analysis on the external gateway. For example, on a router.
I would like to see which app has outgoing traffic without disabling AFWall. So, it would be nice to have such a possibility in a PCAPdroid, if possible.
PCAPdroid already has a root monitor
So, I think that the phone status bar shows traffic before AFWall iptables, while PCAPdroid shows traffic after iptables.
Most likely it's. This means that the traffic is successfully blocked. And the issue to add a firewall in root mode has been around for a long time https://github.com/emanuele-f/PCAPdroid/issues/203
Sometimes mobile phone status bar shows heavy outgoing traffic, but PCAPdroid doesn't catch it
If the traffic is blocked early, PCAPdroid in non-root mode won't see it. To see it, you just need to run PCAPdroid with the root capture enabled
To see it, you just need to run PCAPdroid with the root capture enabled
It won't show anyway. If AFWall blocks earlier.
Router web interface doesn't show traffic because there is no traffic via router :)
PCAPdroid works in the root mode in my case.
Could you please note, why this request was closed?
You said root capture in PCAPdroid worked for your need, right? Is there anything else you want to discuss?
Just reread my messages and seems it need clarification. Sorry for misunderstanding.
So, phone is rooted and root capture of PCAPdroid is turned on. AFwall is also turned on.
PCAPdroid doesn't capture packets killed by AFwall. Because, it seems, AFwall kills outgoing packets before they were captured by PCAPdroid.
This seems to be a problem.
Could you please note, why this request was closed?
In fact, the topic could really be continued :) In networklog were several modes of operation there: in front of the firewall and behind the firewall. It has implemented cool statistics, but they don't seem to be needed here ;)
PCAPdroid doesn't capture packets killed by AFwall. Because, it seems, AFwall kills outgoing packets before they were captured by PCAPdroid.
My bad, in root mode PCAPdroid captures the packets via libpcap, just before they reach the network interface (so after the iptables logic is applied).
Here are some ideas which could help, however none of them seems well suited for your use case:
iptables -L -v
), but I'm not sure that these are enabled in Android. This could be something to evaluate in afwall, to have some kind of rule statsRelated: #111
E.g. running two PCAPdroid instances, one in non-root and the other in root mode
The problem with this variant may also be that the only one VpnService may be needed for the external VPN connection itself. Of course, there is a variant with work profiles, but this requires additional actions and skills.
- Doing a step back, in theory iptables has counters for packets/bytes matching rules (e.g.
iptables -L -v
), but I'm not sure that these are enabled in Android. This could be something to evaluate in afwall, to have some kind of rule stats
This is a very good variant. For example, through /data/data/dev.ukanth.ufirewall/app_bin/nflog Just not for dumb users at all ;) But then firewalls aren't needed, but can do everything with scripts :)
I have the following situation: My phone is rooted, AFWall+ app is installed, and a lot of apps has disabled network connection. Sometimes mobile phone status bar shows heavy outgoing traffic, but PCAPdroid doesn't catch it. My router WEB-interface also doesn't shows it. So, I think that the phone status bar shows traffic before AFWall iptables, while PCAPdroid shows traffic after iptables.
I would like to see which app has outgoing traffic without disabling AFWall. So, it would be nice to have such a possibility in a PCAPdroid, if possible.